- First of all, it steals the users’ Facebook Access Tokens by asking them to view a color changer tutorial video,which allows hacker to connect to the victim’s Facebook friends.
- If the user doesn’t watch the video, the site then tries to get them to download the malicious color changer application, in order to infect their systems with malware.
According to the researchers at Cheetah Mobile, the problem stems from “a vulnerability that lives in Facebook’s app page itself, allowing hackers to implant viruses and malicious code into Facebook-based applications that directs users to phishing sites.“
- Realize there’s no way to customize your Facebook with an app
- Do not click any link which suggests otherwise
- Even if the link suggests it’s heading toward an Official Facebook Page – DO NOT TRUST IT